Aggressive Malware - cdncache-a and "Ads by Notification" POP UPS
<blockquote data-quote="AshleySue" data-source="post: 305767" data-attributes="member: 30124"><p>Zoek.exe v5.0.0.0 Updated 25-11-2014</p><p>Tool run by House of Matador on Tue 11/25/2014 at 18:07:47.91.</p><p>Microsoft Windows 8.1 6.3.9600 x64</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\House of Matador\Desktop\zoek.exe [Scan all users] [Script inserted]</p><p></p><p>==== System Restore Info ======================</p><p></p><p>11/25/2014 6:08:54 PM Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Empty Folders Check ======================</p><p></p><p>C:\PROGRA~2\Coolmuster deleted successfully</p><p>C:\PROGRA~2\GUME22B.tmp deleted successfully</p><p>C:\PROGRA~2\Wondershare deleted successfully</p><p>C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully</p><p>C:\PROGRA~3\ALM deleted successfully</p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully</p><p>C:\PROGRA~3\Oracle deleted successfully</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1AF8192F-4EEF-4BD1-99F7-9DA0BB4F46B3} deleted successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2290DA4E-636A-4C73-937E-ACB4FC6DF78} deleted successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C676B1B-52DF-43D8-B962-145316DE3639} deleted successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{674A460E-6A94-40BE-B2F8-69377916F8F1} deleted successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F5EAF07-9544-4EC7-B573-B5E893B6D} deleted 
successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB1A557B-46B-4B78-BBD6-8CA5BB9214} deleted successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E71B07F7-C51A-449B-A77-91758BFE1A93} deleted successfully</p><p>HKEY_USERS\S-1-5-21-58989595-945218553-2854008374-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDCBED07-443E-4C25-B839-A387F0E371A5} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p></p><p>==== Deleting Services ======================</p><p></p><p></p><p>==== FireFox Fix ======================</p><p></p><p>ProfilePath: C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\5jeohazu.default-1414975263666</p><p></p><p>user.js not found</p><p>---- Lines browser.startup.page removed from prefs.js ----</p><p>user_pref("browser.startup.page", 3);</p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p>prefs_20141125_0624_.backup</p><p></p><p>ProfilePath: C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\jgcs9iav.default</p><p></p><p>user.js not found</p><p>---- Lines offers removed from prefs.js ----</p><p>user_pref("<a href="mailto:extensions.fbp@fbpurity.com.fbpoptsjson">extensions.fbp@fbpurity.com.fbpoptsjson</a>-11807058", "{\"filterappmessages\":1,\"becamefriends\":1,\"becamefan\":1,\"joinedgroup\":1,\"attend</p><p>---- Lines browser.startup.page removed from prefs.js ----</p><p>user_pref("browser.startup.page", 3);</p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p>prefs_20141125_0624_.backup</p><p></p><p>ProfilePath: C:\Users\HOUSEO~1\AppData\Roaming\Thunderbird\Profiles\glac7ek7.default</p><p></p><p>user.js not found</p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p>prefs_20141125_0624_.backup</p><p></p><p>ProfilePath: 
C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\6nq4jkl1.Ashley Sue Oct2014</p><p></p><p>prefs.js not found</p><p>user.js not found</p><p>---- FireFox user.js and prefs.js backups ----</p><p></p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found</p><p>C:\Users\House of Matador\.android deleted</p><p>C:\PROGRA~2\COMMON~1\Wondershare deleted</p><p>C:\Users\House of Matador\AppData\Roaming\Upromise RewardU Toolbar deleted</p><p>C:\Users\House of Matador\AppData\Roaming\Wondershare deleted</p><p>C:\PROGRA~3\boost_interprocess deleted</p><p>C:\PROGRA~3\Package Cache deleted</p><p>C:\Users\House of Matador\AppData\Local\Wondershare deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted</p><p>C:\Users\House of Matador\AppData\LocalLow\Protect deleted</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted</p><p>C:\windows\SysNative\GroupPolicy\User deleted</p><p>C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted</p><p>C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\jgcs9iav.default\jetpack deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com">online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com</a>"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a>" [11/19/2014 11:54 AM]</p><p>[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]</p><p>"<a href="mailto:smartwebprinting@hp.com">smartwebprinting@hp.com</a>"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [04/24/2014 09:38 AM]</p><p></p><p>==== 
Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\5jeohazu.default-1414975263666</p><p>- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>- Undetermined - <a href="mailto:content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com">content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com</a></p><p>- Undetermined - <a href="mailto:virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com">virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com</a></p><p>- Undetermined - <a href="mailto:online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com">online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com</a></p><p></p><p>ProfilePath: C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\jgcs9iav.default</p><p>- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>- F.B. 
Purity - Cleans Up Facebook - %ProfilePath%\extensions\<a href="mailto:fbp@fbpurity.com.xpi">fbp@fbpurity.com.xpi</a></p><p>- feedly - %ProfilePath%\extensions\<a href="mailto:feedly@devhd.xpi">feedly@devhd.xpi</a></p><p>- Pin It Button - %ProfilePath%\extensions\<a href="mailto:jid1-YcMV6ngYmQRA2w@jetpack.xpi">jid1-YcMV6ngYmQRA2w@jetpack.xpi</a></p><p></p><p>ProfilePath: C:\Users\HOUSEO~1\AppData\Roaming\Mozilla\Firefox\Profiles\6nq4jkl1.Ashley Sue Oct2014</p><p>- Undetermined - %ProfilePath%\extensions\<a href="mailto:abs@avira.com">abs@avira.com</a></p><p></p><p>AppDir: C:\Program Files (x86)\Mozilla Firefox</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\House of Matador\AppData\Roaming\Mozilla\Firefox\Profiles\5jeohazu.default-1414975263666</p><p>8303B3CEC05500F763B4FA75210598BB - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll - Shockwave Flash</p><p>18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013</p><p></p><p>Profilepath: C:\Users\House of Matador\AppData\Roaming\Mozilla\Firefox\Profiles\jgcs9iav.default</p><p>18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013</p><p></p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>flliilndjeohchalpbbcdekjklbdgfkk - No path found[]</p><p>lhmiofmipcpmhgihiecmpiekcacigpgb - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx[]</p><p></p><p>Google Voice Search Hotword (Beta) - House of Matador\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>Shield For Chrome - House of Matador\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbaffjopmgmcijlkoafmgnaiciogpdel</p><p></p><p>==== Chromium Fix 
======================</p><p></p><p>C:\Users\House of Matador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.ask.com_0.localstorage" target="_blank">www.ask.com_0.localstorage</a> deleted successfully</p><p>C:\Users\House of Matador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_services.hearstmags.com_0.localstorage deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>No DefaultScope Set For HKCU</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://www.google.com/" target="_blank">http://www.google.com/</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p>{8A893382-9C8B-4E55-BE15-2405DA837C45} Google Url="<a href="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" 
target="_blank">http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}</a>"</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lhmiofmipcpmhgihiecmpiekcacigpgb deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\House of Matador\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully</p><p>C:\Users\House of Matador\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p>C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\House of Matador\AppData\Local\Mozilla\Firefox\Profiles\5jeohazu.default-1414975263666\cache2 emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\House of Matador\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully</p><p>C:\Users\House of Matador\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache 
======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=77 folders=50 28068535 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\House of Matador\AppData\Local\Temp will be emptied at reboot</p><p>C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\WINDOWS\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\WINDOWS\Temp successfully emptied</p><p>C:\Users\HOUSEO~1\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== EOF on Tue 11/25/2014 at 18:46:39.74 ======================</p></blockquote><p></p>